For want of a single ethernet card, an airport was lost ...

Bill Stewart nonobvious at
Mon Aug 20 22:52:24 UTC 2007

On 8/18/07, Steven M. Bellovin <smb at> wrote:
> Did you see what the GAO found when they audited the US-VISIT network?
> The summary is at
> the full report is at

As usual with security, it's a tradeoff between goals, threat models,
economics, and competence.

While the goals of the system, as identified by the GAO, include a
brief phrase about "facilitate legitimate travel and trade", the rest
of the report appears to entirely ignore it.
It focuses on attackers, and bad guys trying to get in, and the
closest the report gets
to anything about reliability or business continuity is a bit about
preventing attackers from
carrying our denial of service attacks.    Given the ability of one
bad network card to
take down the network, and given a set of operational plans that keeps incoming
international travelers confined to their airplanes for hours at an
airport the size of LAX
which handles a lot of connections between international and domestic
or other international flights, it appears that the designers of both
the technical and operational sides are also ignoring the goal of
facilitating legitmate travel and trade.

I can't say I'm surprised, either.  While treating travellers well
probably won't be one of their goals until there's a major change in
government philosophy, perhaps they can improve service by
anthropomorphizing those evil terrorists named "Father Time",
"Murphy", "Router Bugs", and "Bubba the Backhoe Driver".   Certainly
the operational side didn't have processes for supporting travellers
with reasonable-looking papers in the event of a computer failure.

About two decades ago there was a network failure that took out all
three New York City area airports, caused by one guy with wire cutters
who was in the wrong manhole in Newark.  If they FAA had a set of dial
backup modems at each of the airports, they could have worked around
it, but they believed strongly that the shared civilian infrastructure
wasn't reliable enough and they needed to have dedicated systems just
for air traffic control.
             Thanks;     Bill

Note that this isn't my regular email account - It's still experimental so far.
And Google probably logs and indexes everything you send it.

More information about the NANOG mailing list